Microsoft and AOL have been making an ugly spectacle of themselves
in the fight over instant messaging standards [1]. For three weeks
the two sides have been exchanging rhetoric at a pace and a pitch
that is reminiscent of nothing so much as a bitterly divisive
political battle.

On 22 July Microsoft introduced a client, the MSN Messenger
Service, that connects with AOL Instant Messenger by requiring users
to supply their AOL screen name and password. AOL spluttered that
this requirement goes against the security admonitions that AOL
constantly inculcates into its customers. And AOL can't have been
thrilled that Microsoft at least potentially possessed login
information for millions of AOL customers -- even though Microsoft
insists it is neither collecting nor saving the logins. Adding
insult to injury, Microsoft's client can also import AIM buddy
lists.

As soon as MSN Messenger Service went live AOL blocked its access
to their servers. Microsoft coded around the block. AOL countered.
By the end of the first weekend the two teams had traded hack for
counter-hack five times; the last count I saw tallied 13 round
trips.

The two sides have feigned at lawsuits, wrapped themselves in the
robes of open standards and user security, and signed up allies at
a frantic pace.

The battle escalated another notch last week when someone posing
as an independent consultant wrote to security watchdog Richard
Smith, asking him to publicize the assertion that one of AOL's
blocking tactics utilizes a buffer overflow in the AIM client [2].
If true this would point to a dangerous security hole in AIM. But
Smith determined that the "consultant" probably didn't exist and
that the message had originated on a Microsoft internal mail
server. Microsoft protested [3] that the unknown perpetrator had
no encouragement from the management. Right. Despite the tainted
source of the accusation, Smith insisted that AOL come clean about
any buffer overflows. AOL has bequeathed no word on the subject.

The irony of Microsoft arguing for open standards, and AOL against
them, was not lost on the SJ Mercury News's Dan Gillmor. He calls
them both aggravating hypocrites [4].

Alex Lash wrote a good overview [5] on the wider Microsoft - AOL
rivalry that he might have subtitled "How do I hate thee? Let me
count the ways."

Late last month, in near-perfect silence, Microsoft wrapped up its
court case against the Commissioner of the Internal Revenue Service
[6]. The only notice of the case was a slip of paper hanging outside
the door of a little-known courtroom at 400 Second St. N.W. in
Washington, DC. Microsoft had sued the IRS in the early 90s over the
favorable tax treatment allowed for CDs and movies, arguing that the
same rules should apply to software. The amount at issue in the case
is a mere $16M that Microsoft paid in taxes in the early 1990s, but
the outcome of the case could affect billions in the years to come --
for other software suppliers as well as for Microsoft. Oracle,
Autodesk, and Adobe all have similar cases pending in the Tax Court. In
1997, after Microsoft's suit was filed, Congress enacted the tax
provision that Microsoft wants. But the company fights on because a loss
in Tax Court could render moot the action of Congress. A ruling in
the case could take another year.

CORE, the Council of Registrars, is one of the organizations
accredited in the early-phase testing of competitive domain-name
registration. One of CORE's members, CSL GmbH of Duesseldorf, is now offering
two-year registrations in the .com, .net, and .org top-level domains
for 40.9 Euros, or about $43.23[7]. CSL thus becomes the first
competitive registrar to actually compete on the basis of price. NSI
and all the other active test registrars still charge $70 for two
years -- but this won't be true for long. To register your .com
domain for less than the price of a .nu [8], visit CSL's registration
site joker.com [9]. (This is no joke.)

The Internet Commission on Assigned Names and Numbers issued a
ruling that will limit Network Solutions's influence on domain naming
policy. ICANN has declared [10] that no entity may send more than a
single representative to the Names Council, a body set up to advise
ICANN on naming policy. Under the previous rules, NSI had 3 seats
on the 21-member council.

Here is a story ripe for the mainstream press to blow all out of
proportion. USA Today reports [11] on a case of organized voyeurism:
28 athletes from colleges in Illinois and Pennsylvania have filed for
damages against the makers and distributors of videotapes captured
by tiny cameras secreted in college locker rooms. The tapes were
sold over the Internet. Most states have no law against
surreptitious videotaping or selling such tapes over the Net, so victims
may have little recourse. This last week my hometown paper carried
news that the Massachusetts senate had just passed such an
anti-voyeur measure. Thanks for the tip on this story to Lynn
Saxenmeyer <saxenmeyer at worldnet dot att dot net>.

Note added 1999-08-17: Here's an example of such a cam [11a],
being marketed as a consumer item.

Bill Scanlon <wscanlon at execpc dot com>, an attorney who is a longtime
TBTF reader, blurbist [11b],
and self-described "regular," adds this clarification on torts and common law.

It is not correct that "most states have no law against" what
the 28 athletes complain happened to them.

Most states have no statutory law against that sort of thing.

However, in all states of the United States except Louisiana the
system of law is at least partially a "common law" system. In a
"common law" system, what the law is is defined by not only the
legislature and executive, in statutes, but also the courts, in
their opinions on cases that come before them. Court-defined law
is referred to as "common law." Indeed, the "common law"
includes much of contract law and "tort law" - the law
concerning injuries against a person's person or property on the
basis of which the injured person (or her/his representatives)
may sue to recover compensation for the injuries.

In almost all states, what the 28 athletes alleged happened to
them would be "torts" under the common law even if not under
statutory law. The torts involved would be violations of
various forms of the right to privacy.

On 28 July the NY Times reported that the Clinton administration was
mulling a plan [12] for a computer monitoring system, called Fidnet,
that would watch the country's data networks for intruders. The FBI
was to oversee Fidnet, which would expand from monitoring government
networks to watching private ones. The outcry from civil libertarians
was immediate and deafening, and the administration shelved Fidnet [13]
the next day. Just to nail that particular coffin, Congress voted [14]
on 30 July to ban the Justice Department from spending any funds on
Fidnet.

Note added 1999-08-16:
Today's NY Times features an interview [14a] (free registration and
cookies required)
with Richard Clarke, the National Security Council's counterterrorism czar. He
considers Fidnet anything but dead, and says Congress will surely finance the
system once lawmakers understand it and Clinton gives it the go-ahead.

Late last month the German online magazine Telepolis published a letter
that US Attorney General Janet Reno sent at the end of May to the
German Justice Minister urging a ban of crypto products on the
Internet. John Young has posted a translation on Cryptome [15]. Here
is the original article, in German [16], and the letter as published
in Telepolis [17]. An excerpt from Reno's letter:

Much work remains to be done. In particular, I believe we must
soon address the risks posed by electronic distribution of
encryption software. Although the Wassenaar Nations have now
reached agreement to control the distribution of mass market
encryption software of certain cryptographic strength, some
Wassenaar Nations continue not to control encryption software
that is distributed over the Internet, either because the
software is in the "public domain" or because those Nations do
not control distribution of intangible items. While I
recognize that this issue is controversial, unless we address
this situation, use of the Internet to distribute encryption
products will render Wassenaar's controls immaterial.

At last week's LinuxWorld Expo, a panel discussed the various models
of how open source projects are controlled and directed [19].
Contrary to what you might expect, open source does not mean
"democratic." Linus Torvalds runs Linux development as an absolute
dictatorship buffered by a sizable bureaucracy. At the other end of the
spectrum, Brian Behlendorf says that development of the Apache Web
server is governed by a round table of two dozen equals, all of
whom have veto power over proposed features. Perl development
proceeds like a constitutional monarchy. Larry Wall, the language's
original author, has relegated to himself the role of a Supreme
Court, settling the disagreements that the development community
can't resolve.

Scot Hacker <shacker at birdhouse dot org>, who runs a tips site [20]
for users of BeOS, is frustrated. The press covers Linux ceaselessly
but rarely writes about BeOS. When this commercial OS is covered,
Hacker believes, the articles are usually written by pundits who have
never tried BeOS or done any real research. He writes,

BeOS is easier to install, easier to use, and easier to
configure than Linux. It's got a consistent, elegant,
lightweight, non-chaotic UI, is POSIX compliant, includes a full
bash shell, boots to full GUI in less than 15 seconds, and
does multithreaded multitasking like nothing else. It's got a
fully journaled 64-bit database-like filesystem. I believe
it's far better suited to become a replacement for or
alternative to Windows on the desktop than is Linux. BeOS costs
just a bit more than a set of Linux CDs. So why is none of
this coming to light in the press?

(Neal Stephenson's storied essay In the beginning was the command
line[21] makes much the same point, at great and entertainingly
readable length.)

Hacker has set up the Alt.OS Usability Challenge[22] to invite tech
publications to compare BeOS with Linux by watching real users. The
model is to sit down a Windows or MacOS user with a Linux
distribution and a BeOS CD and have normal users install, configure, and
use the respective systems; observe and report.

I wish I had the time to mount this test myself, but I don't. I'll
be curious to see how many publications take up the challenge.

By the way, BeOS Tips is served from Hacker's main BeOS
development machine, which is also running 1.7M keys/sec. in the
rc5des [23] distributed crack. How many Windows, or even Linux, users would
be willing to try this?

Another proof point that the censorware approach is fundamentally flawed

The Censorware Project investigated [24] Bess, a product widely used
in schools across the US and Australia and aggressively marketed to
libraries, schools, and governments. N2H2[25], the company that
markets Bess, claims that the proxy-based filtering software shields
more than seven million schoolchildren. N2H2 is unusual in a couple
of ways. They claim not to block by keywords -- that every one of 8
million sites on their block list has been examined by a human. And
N2H2 is the first of the censorware companies to announce plans to
go public.

The Censorware Project found hundreds of porn sites easily
accessible, unblocked by proxies in actual use in schools today, as well
as numerous sites incorrectly blocked for no discernable reason. The
report casts serious doubt on N2H2's claim of 100% human-based
filtering, a claim the company president made in Congressional testimony
last May.

N2H2 employs 15 full-time and 58 part-time workers to scan Web sites,
according to their recent IPO filing. The Censorware Project's report
estimates that this number falls short -- by a factor of about 20 --
of the labor force that would be required just to keep up with the
Web's growth (2 million pages per day), let alone to track site
updates or to classify the 1 billion Web pages already in existence.

Please note that the report [24] necessarily contains some ugly
language and many links to offensive sites.

This BBC article [26] speaks of qualms about Brookhaven National
Laboratories' Relativistic Heavy Ion Collider. It seems that once
the machine is activated, scientists aren't 100% certain that it
won't turn the whole earth into strange matter.

Scientists aren't 100% certain that a glass of water at room
temperature won't spontaneously develop ice cubes, either, but it's
the way the smart money bets.

The BBC story was pretty convincingly deconstructed on Slashdot [27]
(albeit by Anonymous Cowards). Thanks to TBTF Irregular Jamie
McCarthy <jamie at mccarthy dot org> for that pointer, and to others
regular and Irregular who poured healthy skepticism in my general
direction when I posted this item as a Tasty Bit of the Day.

On the American Physical Society's What's New page [28], Robert Park
writes:

Could the "Big Bang Machine," a.k.a. Relativistic Heavy-Ion
Collider, produce "perturbations of the universe" -- maybe a
black hole -- and destroy Earth? The Sunday Times of London
reported that Brookhaven director John Marburger had appointed
a panel of physicists to investigate. Not exactly. He asked
them for a white paper explaining why it's not a worry. In
spite of millennium madness, Marburger said this morning that
the net effect has been very positive. Reporters from around
the world call to ask if there's anything to the story, and
end up learning about RHIC.

Too close

Judging how much to worry about near-earth objects

How dangerous, in reality, are asteroids of the sort that starred
in last summer's blockbuster [sic] movie? Should we worry about the
danger from an asteroid with a one-in-a-million chance of striking
earth? Scientists have announced development of the Torino scale [29],
a method of communicating the degree of danger from near-earth
objects. So far no known object has been assigned a Torino number
greater than 0. (At Torino 10 the earth is toast.) See [30] for a
succinct graphic (98K) depicting the factors woven into a Torino
scale number. The scale takes into account the probability of a
collision and its likely kinetic energy -- which depends on the
object's diameter, composition, speed, and strike angle. Thus a
100-m asteroid with a 1-in-100 chance of striking the earth merits
the same level of concern -- 2 on the Torino scale -- as a 5-km
asteroid with a 1-in-a-million chance.

This site [31] lets you explore the known near-earth objects for
yourself. I particularly like the search function [32], where you
can ask, say, for all known objects that will ever pass closer to
earth than the moon's orbit (call it 0.0025 AU). This site [33]
lists all known close approaches (closer than about 5M miles) for
the next 100 years.

Scientists estimate that fewer than one in ten near-earth asteroids
have yet been discovered and mapped.

A team of Florida physicians recently reported two cases in which
delusional patients have woven the Internet into their fantasy
systems [34]. These are the unfortunates who used to wear aluminum-foil
hats to block the radio messages the CIA was trying to beam into
their heads; now it's the Net that provides a backdrop of
threatening and poorly understood technology from which to craft their
delusions.

Randy Cassingham's engaging periodical This Is True [35] noted this
story under the title www.ParanoidPsychoticDelusions.com. Of
course I had to add it to the No We Don't have a Web Site page [36],
the home for bogus and self-referential (and mostly nonexistent)
URLs. Thanks to Herbert Hille <hhil at loc dot gov> for the pointer.

Notes

Apologies for the hiatus between issues. TBTF should settle down to
a more regular schedule now, with the possible exception of a week
in September when I will be on the windjammer Grace Bailey off the
coast of Maine. No, I won't be taking a computer, why do you ask?

I went to high school with Herbert Hille, my informant for this
issue's final item.
Through him I've now reconnected with two other
long-lost friends; working on a third.